Yaksas Security

Cyber Security Research

  • Yaksas Security Home
  • Home
  • Yaksas Security Classroom
  • Learn Adversary Emulation
  • Contact Yaksas
BlueBorne: Turn that Bluetooth off

Uday Mittal September 14, 2017 Leave a Comment

BlueBorne: Turn that Bluetooth off

A cool thing about Person of Interest, a popular television show, is it’s depiction of how easily mobile devices can be broken into. On a typical day, John Reese (played by Jim Cviezel) would walk by the person of interest, tap a few times on his phone and gets full access to the target’s mobile device. Until three days back this was fiction. Today it’s not. Thanks to BlueBorne. Watch the following video if you don’t believe me.

On 13th September, 2017, Armis, a US-based security lab, published a research article titled, BlueBorne. In this article they have explained eight flaws through which a mobile device can be compromised. They have termed these flaws as BlueBorne. These flaws exist in the way Bluetooth functionality is applied in mobile devices. As a result, an ill willed hacker can take full control of the device without any action on the part of the user. When using these flaws the hacker doesn’t even need to pair their device with the target mobile device. This makes BlueBorne a dangerous attacking technique. Imagine, you’re walking in a local market with your mobile device in pocket. If your device’s Bluetooth is enabled, then anyone who can detect your device can, potentially, take control of your device. Of course, they would need the knowledge and skills to take advantage of these flaws.

BlueBorne flaws exist in all devices that are equipped with Bluetooth and running Android, iOS (9.3.3 and below), Windows (Vista and above) and Linux operating systems. At the time of writing there are approximately 8.2 billion such devices across the world.

How to protect your device?

Here are few steps you can take to protect your device from these flaws:

  • Keep your mobile device’s Bluetooth disabled if not required.
  • If you have an Android device, you can check if it’s vulnerable using this app released by ArmisLabs.
  • Update your mobile device to the latest version of the operating system released by the device manufacturer.
  • If an update is not available for your mobile device:
    • Avoid using device’s Bluetooth capability in public places

 

Related Posts

  • Steal Windows Credentials using a PDF File (NTLM Hash)Steal Windows Credentials using a PDF File (NTLM Hash)
  • Google Play Protect: Android’s New Security SystemGoogle Play Protect: Android’s New Security System
mm
Uday Mittal

Uday Mittal is a cybersecurity professional with rich working experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.

Filed Under: Awareness Tagged With: Android, Armis, BlueBorne, Blueborne attack, Bluetooth, iOS, Linux, Windows

Optin Form

Search

Follow us on Twitter

My Tweets

Categories

Tags

(ISC)2 Active directory adsecurity adsi adsisearcher adversary emulation Android attack active directory awareness blue whale challenge Certification CISSP Cloud security command and control crte crtp cyber-warfare Cyber Security cybersecurity Cybersecurity books Cybersecurity Cannon domain enumeration ethical hacking forest enumeration hacker Information Security ISACA Kali Linux Mass Surveillance Narendra Modi offensive security Online Safety opsec Password Penetration Testing pentest poshc2 powersploit Powerview privacy red team red teaming Risk Management Social Engineering user enumeration

Top Posts

  • Red Team Operations Attack Lifecycle
    Red Team Operations Attack Lifecycle
  • Mona.py for exploit devs: 6 must know commands
    Mona.py for exploit devs: 6 must know commands
  • DCPP: Everything You Need to Know
    DCPP: Everything You Need to Know
  • 7 Ways to Cover Your Device's Camera
    7 Ways to Cover Your Device's Camera
  • AD Exploitation using ADSI - Part 1 (Introduction)
    AD Exploitation using ADSI - Part 1 (Introduction)
  • ADSISearcher (Part 2)
    ADSISearcher (Part 2)

© Copyright 2020 ElliteDevs · All Rights Reserved · Powered by WordPress